k`sOSe reported an integer overflow vulnerability in the sdpplin_parse() function in the file stream/realrtsp/sdpplin.c, which can be exploited to overwrite arbitrary memory regions via an overly large "StreamCount" SDP parameter.

Impact

A remote attacker could entice a user to open a specially crafted media file, possibly resulting in the execution of arbitrary code with the privileges of the user running MPlayer.